CVE-2025-9496
CVE-2025-9496 affects the Enable Media Replace WordPress plugin (up to version 4.1.6). Root cause: stored XSS via the file_modified shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers withContributor+ access can inject ...